A survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data

Leevy, Joffrey L.; Khoshgoftaar, Taghi M.

doi:10.1186/s40537-020-00382-x

Cited by 158 publications

(109 citation statements)

References 87 publications

Supporting

Mentioning

109

Contrasting

Order By: Relevance

“…Based on the results and statistical analysis from Tables 7,8,9,10,11,12,13,14,15,16,17,18,19, and 20, we can conclude that the answers to all three of our research questions are yes. The random undersampling ratios are significantly different from each other for both AUC and AUPRC metrics in detecting web attacks in the CSE-CIC-IDS2018 dataset.…”

Section: Discussionmentioning

confidence: 79%

“…CSE-CIC-IDS2018 is a more recent intrusion detection dataset than the popular CIC-IDS2017 dataset [8], which was also created by Sharafaldin et al The CSE-CIC-IDS2018 dataset includes over 16 million instances which includes normal instances, as well as the following family of attacks: web attack, Denial of Service (DoS), Distributed Denial of Service (DDoS), brute force, infiltration, and botnet. For additional details on the CSE-CIC-IDS2018 dataset [9], please refer to [10].…”

mentioning

confidence: 99%

See 1 more Smart Citation

Detecting web attacks using random undersampling and ensemble learners

2021

Self Cite

View full text Add to dashboard Cite

Class imbalance is an important consideration for cybersecurity and machine learning. We explore classification performance in detecting web attacks in the recent CSE-CIC-IDS2018 dataset. This study considers a total of eight random undersampling (RUS) ratios: no sampling, 999:1, 99:1, 95:5, 9:1, 3:1, 65:35, and 1:1. Additionally, seven different classifiers are employed: Decision Tree (DT), Random Forest (RF), CatBoost (CB), LightGBM (LGB), XGBoost (XGB), Naive Bayes (NB), and Logistic Regression (LR). For classification performance metrics, Area Under the Receiver Operating Characteristic Curve (AUC) and Area Under the Precision-Recall Curve (AUPRC) are both utilized to answer the following three research questions. The first question asks: “Are various random undersampling ratios statistically different from each other in detecting web attacks?” The second question asks: “Are different classifiers statistically different from each other in detecting web attacks?” And, our third question asks: “Is the interaction between different classifiers and random undersampling ratios significant for detecting web attacks?” Based on our experiments, the answers to all three research questions is “Yes”. To the best of our knowledge, we are the first to apply random undersampling techniques to web attacks from the CSE-CIC-IDS2018 dataset while exploring various sampling ratios.

show abstract

Section: Discussionmentioning

confidence: 79%

mentioning

confidence: 99%

Detecting web attacks using random undersampling and ensemble learners

2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…There are two main approaches to detect intrusions, and they are based on signature and statistical anomaly. The authors in [38] present an exhaustive survey on IDS based on CICIDS-2018 datasets. The CICIDS2018 is the most comprehensive Big Data, publicly available intrusion detection dataset that encompasses a broad range of types of attacks.…”

Section: Related Workmentioning

confidence: 99%

Machine-Learning-Enabled Intrusion Detection System for Cellular Connected UAV Networks

et al. 2021

View full text Add to dashboard Cite

The recent development and adoption of unmanned aerial vehicles (UAVs) is due to its wide variety of applications in public and private sector from parcel delivery to wildlife conservation. The integration of UAVs, 5G, and satellite technologies has prompted telecommunication networks to evolve to provide higher-quality and more stable service to remote areas. However, security concerns with UAVs are growing as UAV nodes are becoming attractive targets for cyberattacks due to enormously growing volumes and poor and weak inbuilt security. In this paper, we propose a UAV- and satellite-based 5G-network security model that can harness machine learning to effectively detect of vulnerabilities and cyberattacks. The solution is divided into two main parts: the model creation for intrusion detection using various machine learning (ML) algorithms and the implementation of ML-based model into terrestrial or satellite gateways. The system identifies various attack types using realistic CSE-CIC IDS-2018 network datasets published by Canadian Establishment for Cybersecurity (CIC). It consists of seven different types of new and contemporary attack types. This paper demonstrates that ML algorithms can be used to classify benign or malicious packets in UAV networks to enhance security. Finally, the tested ML algorithms are compared for effectiveness in terms of accuracy rate, precision, recall, F1-score, and false-negative rate. The decision tree algorithm performed well by obtaining a maximum accuracy rate of 99.99% and a minimum false negative rate of 0% in detecting various attacks as compared to all other types of ML classifiers.

show abstract

“…Recently, studies on various intrusion detection methods using machine learning have been proposed. J. L. Leevy et al [12] presented a machine learning study survey on the CICIDS 2018 dataset for network intrusion detection. They pointed out that although the results reported in the entire study are generally high, the bias in the results should be questioned because the entire study did not take into account the imbalanced data problem.…”

Section: A Machine Learning-based Network Intrusion Detectionmentioning

confidence: 99%

Network Anomaly Detection Using Memory-Augmented Deep Autoencoder

et al. 2021

View full text Add to dashboard Cite

In recent years, attacks on network environments continue to rapidly advance and are increasingly intelligent. Accordingly, it is evident that there are limitations in existing signature-based intrusion detection systems. In particular, for novel attacks such as Advanced Persistent Threat (APT), signature patterns have problems with poor generalization performance. Furthermore, in a network environment, attack samples are rarely collected compared to normal samples, creating the problem of imbalanced data. Anomaly detection using an autoencoder has been widely studied in this environment, and learning is through semi-supervised learning methods to overcome these problems. This approach is based on the assumption that reconstruction errors for samples that are not used for training will be large, but an autoencoder is often over-generalized and this assumption is often broken. In this paper, we propose a network intrusion detection method using a memory-augmented deep auto-encoder (MemAE) that can solve the over-generalization problem of autoencoders. The MemAE model is trained to reconstruct the input of an abnormal sample that is close to a normal sample, which solves the generalization problem for such abnormal samples. Experiments were conducted on the NSL-KDD, UNSW-NB15, and CICIDS 2017 datasets, and it was confirmed that the proposed method is better than other one-class models.

show abstract

A survey and analysis of intrusion detection models based on CSE-CIC-IDS2018 Big Data

Cited by 158 publications

References 87 publications

Detecting web attacks using random undersampling and ensemble learners

Detecting web attacks using random undersampling and ensemble learners

Machine-Learning-Enabled Intrusion Detection System for Cellular Connected UAV Networks

Network Anomaly Detection Using Memory-Augmented Deep Autoencoder

Contact Info

Product

Resources

About